001package com.nimbusds.jose; 002 003 004import net.jcip.annotations.Immutable; 005 006 007/** 008 * JSON Web Signature (JWS) algorithm name, represents the {@code alg} header 009 * parameter in JWS objects. Also used to represent integrity algorithm 010 * ({@code ia}) header parameters in JWE objects. This class is immutable. 011 * 012 * <p>Includes constants for the following standard JWS algorithm names: 013 * 014 * <ul> 015 * <li>{@link #HS256} 016 * <li>{@link #HS384} 017 * <li>{@link #HS512} 018 * <li>{@link #RS256} 019 * <li>{@link #RS384} 020 * <li>{@link #RS512} 021 * <li>{@link #ES256} 022 * <li>{@link #ES384} 023 * <li>{@link #ES512} 024 * <li>{@link #PS256} 025 * <li>{@link #PS384} 026 * <li>{@link #PS512} 027 * </ul> 028 * 029 * <p>Additional JWS algorithm names can be defined using the constructors. 030 * 031 * @author Vladimir Dzhuvinov 032 * @version 2015-10-14 033 */ 034@Immutable 035public final class JWSAlgorithm extends Algorithm { 036 037 038 /** 039 * HMAC using SHA-256 hash algorithm (required). 040 */ 041 public static final JWSAlgorithm HS256 = new JWSAlgorithm("HS256", Requirement.REQUIRED); 042 043 044 /** 045 * HMAC using SHA-384 hash algorithm (optional). 046 */ 047 public static final JWSAlgorithm HS384 = new JWSAlgorithm("HS384", Requirement.OPTIONAL); 048 049 050 /** 051 * HMAC using SHA-512 hash algorithm (optional). 052 */ 053 public static final JWSAlgorithm HS512 = new JWSAlgorithm("HS512", Requirement.OPTIONAL); 054 055 056 /** 057 * RSASSA-PKCS-v1_5 using SHA-256 hash algorithm (recommended). 058 */ 059 public static final JWSAlgorithm RS256 = new JWSAlgorithm("RS256", Requirement.RECOMMENDED); 060 061 062 /** 063 * RSASSA-PKCS-v1_5 using SHA-384 hash algorithm (optional). 064 */ 065 public static final JWSAlgorithm RS384 = new JWSAlgorithm("RS384", Requirement.OPTIONAL); 066 067 068 /** 069 * RSASSA-PKCS-v1_5 using SHA-512 hash algorithm (optional). 070 */ 071 public static final JWSAlgorithm RS512 = new JWSAlgorithm("RS512", Requirement.OPTIONAL); 072 073 074 /** 075 * ECDSA using P-256 curve and SHA-256 hash algorithm (recommended). 076 */ 077 public static final JWSAlgorithm ES256 = new JWSAlgorithm("ES256", Requirement.RECOMMENDED); 078 079 080 /** 081 * ECDSA using P-384 curve and SHA-384 hash algorithm (optional). 082 */ 083 public static final JWSAlgorithm ES384 = new JWSAlgorithm("ES384", Requirement.OPTIONAL); 084 085 086 /** 087 * ECDSA using P-521 curve and SHA-512 hash algorithm (optional). 088 */ 089 public static final JWSAlgorithm ES512 = new JWSAlgorithm("ES512", Requirement.OPTIONAL); 090 091 092 /** 093 * RSASSA-PSS using SHA-256 hash algorithm and MGF1 mask generation 094 * function with SHA-256 (optional). 095 */ 096 public static final JWSAlgorithm PS256 = new JWSAlgorithm("PS256", Requirement.OPTIONAL); 097 098 099 /** 100 * RSASSA-PSS using SHA-384 hash algorithm and MGF1 mask generation 101 * function with SHA-384 (optional). 102 */ 103 public static final JWSAlgorithm PS384 = new JWSAlgorithm("PS384", Requirement.OPTIONAL); 104 105 106 /** 107 * RSASSA-PSS using SHA-512 hash algorithm and MGF1 mask generation 108 * function with SHA-512 (optional). 109 */ 110 public static final JWSAlgorithm PS512 = new JWSAlgorithm("PS512", Requirement.OPTIONAL); 111 112 113 /** 114 * JWS algorithm family. 115 */ 116 public static final class Family extends AlgorithmFamily<JWSAlgorithm> { 117 118 119 /** 120 * HMAC using a SHA-2 hash. 121 */ 122 public static final Family HMAC_SHA = new Family(HS256, HS384, HS512); 123 124 125 /** 126 * RSA signature (RSASSA-PKCS-v1_5 or RSASSA-PSS) using a SHA-2 127 * hash. 128 */ 129 public static final Family RSA = new Family(RS256, RS384, RS512, PS256, PS384, PS512); 130 131 132 /** 133 * Elliptic Curve signature (ECDSA) using a SHA-2 hash. 134 */ 135 public static final Family EC = new Family(ES256, ES384, ES512); 136 137 138 /*** 139 * Creates a new JWS algorithm family. 140 * 141 * @param algs The JWS algorithms of the family. Must not be 142 * {@code null}. 143 */ 144 public Family(final JWSAlgorithm ... algs) { 145 super(algs); 146 } 147 } 148 149 150 /** 151 * Creates a new JSON Web Signature (JWS) algorithm name. 152 * 153 * @param name The algorithm name. Must not be {@code null}. 154 * @param req The implementation requirement, {@code null} if not 155 * known. 156 */ 157 public JWSAlgorithm(final String name, final Requirement req) { 158 159 super(name, req); 160 } 161 162 163 /** 164 * Creates a new JSON Web Signature (JWS) algorithm name. 165 * 166 * @param name The algorithm name. Must not be {@code null}. 167 */ 168 public JWSAlgorithm(final String name) { 169 170 super(name, null); 171 } 172 173 174 /** 175 * Parses a JWS algorithm from the specified string. 176 * 177 * @param s The string to parse. Must not be {@code null}. 178 * 179 * @return The JWS algorithm (matching standard algorithm constant, else 180 * a newly created algorithm). 181 */ 182 public static JWSAlgorithm parse(final String s) { 183 184 if (s.equals(HS256.getName())) { 185 return HS256; 186 } else if (s.equals(HS384.getName())) { 187 return HS384; 188 } else if (s.equals(HS512.getName())) { 189 return HS512; 190 } else if (s.equals(RS256.getName())) { 191 return RS256; 192 } else if (s.equals(RS384.getName())) { 193 return RS384; 194 } else if (s.equals(RS512.getName())) { 195 return RS512; 196 } else if (s.equals(ES256.getName())) { 197 return ES256; 198 } else if (s.equals(ES384.getName())) { 199 return ES384; 200 } else if (s.equals(ES512.getName())) { 201 return ES512; 202 } else if (s.equals(PS256.getName())) { 203 return PS256; 204 } else if (s.equals(PS384.getName())) { 205 return PS384; 206 } else if (s.equals(PS512.getName())) { 207 return PS512; 208 } else { 209 return new JWSAlgorithm(s); 210 } 211 } 212}